Tag: Business Intelligence

Donut Holes! Dunkin’ Data Breach Settlement

A third-party app developer repeatedly alerted Dunkin’ to attackers’ ongoing attempts to log in to customer accounts. The app developer even provided Dunkin’ with a list of nearly 20,000 accounts that had been compromised by attackers over just a sample five-day period. “Yet, Dunkin’ failed to investigate the attacks to identify other customer accounts that had been compromised, determine what customer information had been acquired, or whether customer funds had been stolen.”

Dunkin’ agreed to pay $650,000 in penalty and settlement costs for the lawsuit over its failure to respond to credential stuffing attacks.


Erasing the “Lines” to Enhance Risk Management

In July 2020, The Institute of Internal Auditors (“IIA”) updated its Three Lines of Defense Model (“Model”) to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function.  

Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was that the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes “to achieving objectives and creating value, as well as to matters of ‘defense’ and protecting value.”

Learn why the Enterprise Risk Resilient Model might be a better choice.
